In today's post of the Azure Update Management Series, we will take a look at how to schedule an update deployment. In the first and second posts of this series, we looked at an introduction and overview of the solution and at how to enroll Azure VMs.
As we all know by now, the Update Management solution is a free offering from Microsoft that allows you to perform patch assessment and compliance for your Azure VMs, both Windows and Linux, along with on-premises VMs and VMs running on other cloud service providers.
Also, an important point to note is that when WSUS is used in conjunction with Azure Update Management, any deployment scheduled in the Azure Update Management solution will not take precedence.
To create a new deployment schedule, go to your Azure Automation Account and, under Update Management, select Schedule update management.
This will bring up the New update deployment pane. Fill out the details below.
- Name: Provide a descriptive name for the update deployment.
- Operating System: Select the operating system, either Windows or Linux.
- Groups to update: This feature is in preview and allows you to group Virtual Machines based on Subscription, Resource Groups, Location, and Tags.
- Machines to update: You can specify individual VMs that are going to be part of this scheduled update deployment.
- Update Classifications: There are 8 update classification types that you can select from and we will talk about them shortly.
- Include/exclude updates: This allows you to include or exclude specific updates by providing the Microsoft KB ID.
- Schedule settings: Here, you can specify whether this is a recurring or one-time update deployment, along with the date and time.
- Pre/post scripts: This feature is also in preview and allows you to perform certain pre and post actions. For example, you can power on the VM if it is down before the deployment starts and shut down the VM once the deployment completes.
- Maintenance Window: The standard maintenance window is set to 2 hours, the last 20 minutes of which are reserved for rebooting the server. The minimum maintenance window is 30 minutes. Any updates that have not been started by the time the maintenance window is over will be skipped. If updates are already in progress, they will be completed.
- Reboot options: You are provided with four options here: Reboot if required, Never reboot, Always reboot, and Only reboot (will not install updates).
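The same deployment can be scripted with the Az.Automation PowerShell module, which keeps the schedule reviewable and repeatable. This is an added example, not part of the original post; the resource group, Automation account, VM resource ID, schedule name and KB ID are placeholders, and it assumes you have already signed in with Connect-AzAccount.

```powershell
# Added example: all names below are placeholders to replace with your own values.
$rg      = '<resource-group>'
$account = '<automation-account>'
$vmIds   = @(
    '/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Compute/virtualMachines/<vm-name>'
)

# Maintenance window: 2 hours is the standard value, 30 minutes the minimum,
# and the last 20 minutes are reserved for rebooting the server.
$window = New-TimeSpan -Hours 2
if ($window -lt (New-TimeSpan -Minutes 30)) {
    throw 'Maintenance window must be at least 30 minutes.'
}
$installTime = $window - (New-TimeSpan -Minutes 20)
Write-Host "Time available to start installing updates: $($installTime.TotalMinutes) minutes"

# Schedule settings: recurring, every Sunday at 02:00, active from one week out
# (constructed sample values).
$scheduleParams = @{
    ResourceGroupName      = $rg
    AutomationAccountName  = $account
    Name                   = 'weekly-windows-security'
    StartTime              = (Get-Date).Date.AddDays(7).AddHours(2)
    WeekInterval           = 1
    DaysOfWeek             = 'Sunday'
    ForUpdateConfiguration = $true
}
$schedule = New-AzAutomationSchedule @scheduleParams

# Update deployment: operating system, machines, classifications, excluded KB,
# maintenance window and reboot option, matching the fields in the portal pane.
$deploymentParams = @{
    ResourceGroupName            = $rg
    AutomationAccountName        = $account
    Schedule                     = $schedule
    Windows                      = $true
    AzureVMResourceId            = $vmIds
    IncludedUpdateClassification = 'Critical', 'Security'
    ExcludedKbNumber             = '<KB-ID>'   # placeholder; remove this entry if nothing is excluded
    Duration                     = $window
    RebootSetting                = 'IfRequired'
}
New-AzAutomationSoftwareUpdateConfiguration @deploymentParams
```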
Before we close this post, let us quickly talk about the various classifications.
Classification | Description |
---|---|
Critical updates | An update for a specific problem that addresses a critical, non-security-related bug. |
Security updates | An update for a product-specific, security-related issue. |
Update rollups | A cumulative set of hotfixes that are packaged together for easy deployment. |
Feature packs | New product features that are distributed outside a product release. |
Service packs | A cumulative set of hotfixes that are applied to an application. |
Definition updates | An update to the virus or other definition files. |
Tools | A utility or feature that helps complete one or more tasks. |
Updates | An update to an application or file that currently is installed. |
For Linux, we have two update classifications, which are:
Classification | Description |
---|---|
Critical and security updates | Updates for a specific problem or a product-specific, security-related issue. |
Other updates | All other updates that aren't critical in nature or aren't security updates. |
We have covered how to schedule an update deployment in Azure Update Management, and in the next post, we will look at how to check Update Compliance.
I hope this has been informative and thank you for reading!